Free Malware Removal Forum


Hi Toast,

Please do each step before proceeding to the next. I would print this out first, to be sure you are doing everything in the correct sequence. Don't Guess.

We are going to remove your AVG antivirus and replace it with an antivirus called Avira Antivir. This is necessary for all our tools to work correctly. Then we will have Antivir run a scan and give us a report without removing anything.

-----------------------------------------------

Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs

It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394

As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time. If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord. (Limewire has just been shut down by the courts). Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.

-----------------------------------------------

Download Antivir Free

This program is free for personal, non-business use.
Download AntiVir Free from here: http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe).
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.

------------------------------------------------

Remove AVG Antivirus and utorrent Using the Control Panel

From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each of these entries in turn, choose Uninstall/Change, and give permission to Continue:

µTorrent
AVG Free 9.0

Take extra care in answering questions posed by any Uninstaller.

-----------------------------------------------

Install Antivir

Right click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.

-----------------------------------------------

Update and Scan with Antivir

Right click the red umbrella icon and choose Start Antivir.
When the window comes up, click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more. It will ask what to do with any items it finds.
IMPORTANT >> For Now, tell it to IGNORE any items it finds. Do not choose Quarantine or Delete.

-----------------------------------------------

Get Last Avira Report

Right click the red umbrella icon in the system tray and click Start Antivir.
In the left pane, click Overview, then click Reports.
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

---------------------------------------------

Run CKScanner

Download CKScanner from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

I have removed Utorrent, I read the policy. And removed AVG. I downloaded the Avira Exe. file, right clicked the Run as... from desktop, then it gives me choice of "current user" or sign in with password. I chose "current user" but it does not progress past the installation progress window. It will not show any progress, even after 15 minutes. Never was the term "administrator" presented. I need to know what to do next, the progress window is still activated with nothing happening.

I went ahead and double clicked the exe file to get it running.... At various times I get the following message: "The instruction at "0x1006a7c" referenced memory could not be written. Click on OK to terminate the program" - which I did.

Avira AntiVir Personal
Report file date: Monday, March 28, 2011 20:38

Scanning for 2541638 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Toast,

----------------------------------------------

Download and Run Temp File Cleaner (TFC.exe)

Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it. If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running. After Restart, log back in to your usual account.

-----------------------------------------------------------

Download and Run ComboFix

IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.

Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it. **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**

DISABLE AVIRA ANTIVIR

Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background.

Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.

You should now see a closed umbrella on a red background.

The AntiVir Guards are now disabled.

Now start ComboFix (zzz.exe)

The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).

If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).

It will run through about 50 procedures, then take a while to assemble its output log.

Do not touch the computer AT ALL while ComboFix is running.

When finished, the report will open. Post the log in your next reply, and then Reenable your AVG protection software.

A copy of the log will be located here if you need it -> C:\ComboFix.txt

If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

askey127

Computer Name: JOHN-FORREY | User Name: John Forrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Toast,

It should be safe to run the Antivir Full Scan again. This time have it Delete or Quarantine anything it finds. Then please post the contents of the latest Scan Log.

-----------------------------------------------------------

Check Hard Disk For Errors

Press Start->Run, then type or copy/paste the following command into the box and press OK:

Beginning disinfection:
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\25\39340b59-741fd73c
  [DETECTION] Contains recognition pattern of the JAVA/Exdoer.AJ Java virus
  [NOTE] The file was moved to the quarantine directory under the name '4f4d1314.qua'.

End of the scan: Wednesday, March 30, 2011 16:05
Used time: 1:14:03 Hour(s)
